In the Claims
Claims remaining in the application are as follows: 

1. (Currently amended): A Personal Identification Number (PIN) verification
apparatus comprising:

a plurality of cipher blocks linked in a Cipher Block Chain (CBC) and keyed
with a secret PIN Verification Key (PVK);

a first input block coupled to a first cipher block in the CBC chain
[[capable of receiving]] that receives a text block derived from a secret
Personal Identification Number (PIN); and

a second input block coupled to a second cipher block in the CBC chain
[[capable of receiving]] that receives a text block derived from a
non-secret entity-identifier and ciphertext from a cipher block in the CBC
chain.

2. (Original): The apparatus according to Claim 1 further comprising:

a logical operator that exclusive-ORs the plaintext block derived from the
secret PIN with an initialization vector to produce an initialized block;

a first encryptor that encrypts the initialized block using triple Data Encryption
Standard (3-DES) encryption to produce a first ciphertext block;

a logical operator that exclusive-ORs the plaintext block derived from the
non-secret entity-identifier with the first ciphertext block to produce a
chained block; and

a second encryptor that encrypts the chained block using triple Data
Encryption Standard (3-DES) encryption to produce a second ciphertext
block.

3. (Currently amended): The apparatus according to Claim 2
wherein:

the PIN verification apparatus operates in a reversible mode that
[[enables recovery of]] recovers the secret PIN from the second ciphertext block.

4. (Original): The apparatus according to Claim 2 further comprising: 

a logical operator that exclusive-ORs the first ciphertext block with the second 
ciphertext block to produce a third ciphertext block. 

5. (Original): The apparatus according to Claim 4 wherein: 

the PIN verification apparatus operates in an irreversible mode that obstructs 
recovery of the secret PIN. 



6. (Currently amended): The apparatus according to Claim 5 further
comprising:

an escrow storage coupled to the second encryptor and [[capable of storing]] that
stores the second ciphertext block.

7. (Original): The apparatus according to Claim 1 further comprising:

the plurality of cipher blocks that encrypt data according to a triple Data
Encryption Standard (3-DES).

8. (Currently amended): The apparatus according to Claim 1 further
comprising:

a format converter coupled to a cipher block in the CBC chain and
[[capable of converting]] that converts hexadecimal digit ciphertext to a
decimal result by [[scanning]] receiving in sequence the hexadecimal digit
ciphertext, selecting a predetermined number of numeric digits, and
generating output digits as a PIN Verification Value (PVV).

9. (Original): The apparatus according to Claim 1 further comprising:

the plurality of cipher blocks that encrypt data according to a definition
selected from among a group consisting of triple Data Encryption
Standard (3-DES) and Advanced Encryption Standard (AES) definition.

10. (Currently amended): The apparatus according to Claim 1 further
comprising:

a first formatter [[configured to construct]] that constructs a first incoming
plaintext block from a concatenation of a length digit, x hexadecimal
digits of the secret Personal Identification Number (PIN) with 16-(x+1)
rightmost hexadecimal digits of the non-secret entity-identifier; and

a second formatter [[configured to construct]] that constructs a second incoming
plaintext block from a concatenation of y hexadecimal digits of the
non-secret entity-identifier with a pad character that is repeated 16-y times.
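
An added illustration, not part of the application or of any applicant implementation: the two-block chain of Claims 1 to 5 with the block formats of Claim 10 and the decimal conversion of Claim 8. A keyed Feistel permutation stands in for 3-DES so the sketch runs on the Python standard library alone; the function names, the all-zero initialization vector, y = 12 leftmost digits, the 'F' pad character, the A-F fallback in the conversion and the sample values are assumptions.

```python
import hashlib
import hmac

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def encrypt_block(key, block):
    # STAND-IN for 3-DES (assumption): 8-round Feistel permutation on 64 bits.
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def pin_block(pin, entity_id):
    # Claim 10, first formatter: length digit | x PIN digits | 16-(x+1) rightmost id digits.
    x = len(pin)
    if not 4 <= x <= 12 or len(entity_id) < 15 - x:
        raise ValueError("PIN or entity-identifier length out of range")
    return bytes.fromhex(f"{x:X}" + pin + entity_id[-(15 - x):])

def id_block(entity_id, y=12, pad="F"):
    # Claim 10, second formatter: y id digits (leftmost, an assumption) | pad repeated 16-y times.
    if len(entity_id) < y:
        raise ValueError("entity-identifier shorter than y")
    return bytes.fromhex(entity_id[:y] + pad * (16 - y))

def chain(pvk, pin, entity_id, iv=bytes(8)):
    c1 = encrypt_block(pvk, _xor(pin_block(pin, entity_id), iv))  # first ciphertext block
    c2 = encrypt_block(pvk, _xor(id_block(entity_id), c1))        # second ciphertext block
    return c1, c2, _xor(c1, c2)                                   # third block (Claim 4)

def recover_pin(pvk, c2, entity_id, iv=bytes(8)):
    # Reversible mode (Claim 3): unwind the chain from the second ciphertext block.
    c1 = _xor(decrypt_block(pvk, c2), id_block(entity_id))
    p1 = _xor(decrypt_block(pvk, c1), iv).hex().upper()
    return p1[1:1 + int(p1[0], 16)]

def decimalize(ciphertext, n=4):
    # Claim 8: take the hex digits in sequence and keep the numeric ones.
    hexdigits = ciphertext.hex().upper()
    out = [d for d in hexdigits if d.isdigit()]
    # Assumption (not in the claims): if fewer than n were found, rescan and map A-F to 0-5.
    out += [str(int(d, 16) - 10) for d in hexdigits if not d.isdigit()]
    return "".join(out[:n])

if __name__ == "__main__":
    pvk, card = b"constructed-demo-PVK", "4000123456789010"  # constructed sample values
    c1, c2, c3 = chain(pvk, "1234", card)
    print(decimalize(c2), recover_pin(pvk, c2, card), c3.hex())
```

recover_pin needs the second ciphertext block, which is why Claims 6 and 15 place that block in escrow when the irreversible mode is used.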

11. (Original): A method for Personal Identification Number (PIN)
verification comprising:

linking a plurality of cipher blocks in a Cipher Block Chain (CBC);

applying an incoming plaintext block derived from a secret Personal
Identification Number (PIN) to one of the plurality of cipher blocks;

applying an incoming plaintext block derived from a non-secret entity-identifier
and ciphertext from a cipher block in the CBC chain;

keying the plurality of cipher blocks with a secret PIN Verification Key (PVK);
and

executing the cipher blocks resulting in generation of ciphertext.

12. (Original): The method according to Claim 11 further comprising:

a plurality of cipher blocks that encrypt data according to a triple Data
Encryption Standard (3-DES).

13. (Original): The method according to Claim 11 wherein the PIN
verification method is capable of operating in a reversible mode that enables 
recovery of the secret PIN, the method comprising: 

exclusive-ORing the plaintext block derived from the secret PIN with an 
initialization vector to produce an initialized block; 

encrypting the initialized block using triple Data Encryption Standard (3-DES) 
encryption to produce a first ciphertext block; 

exclusive-ORing the plaintext block derived from the non-secret entity- 
identifier with the first ciphertext block to produce a chained block; 

encrypting the chained block using triple Data Encryption Standard (3-DES) 
encryption to produce a second ciphertext block; and 

supplying the second ciphertext block for PIN verification. 

14. (Original): The method according to Claim 11 wherein the PIN
verification method is capable of operating in an irreversible mode that obstructs
recovery of the secret PIN, the method comprising:

exclusive-ORing the plaintext block derived from the secret PIN with an
initialization vector to produce an initialized block;

encrypting the initialized block using triple Data Encryption Standard (3-DES)
encryption to produce a first ciphertext block;

exclusive-ORing the plaintext block derived from the non-secret
entity-identifier with the first ciphertext block to produce a chained block;

encrypting the chained block using triple Data Encryption Standard (3-DES)
encryption to produce a second ciphertext block;

exclusive-ORing the first ciphertext block with the second ciphertext block to
produce a third ciphertext block; and

supplying the second ciphertext block for PIN verification.

15. (Original): The method according to Claim 14 further comprising:

storing the second ciphertext block in at least one escrow to facilitate recovery
of the secret PIN.

16. (Currently amended): The method according to Claim 11 further
comprising:

converting hexadecimal digit ciphertext generated by a final ciphertext block in
the Cipher Block Chain (CBC) to a decimal result by [[scanning]] receiving
in sequence the hexadecimal digit ciphertext, selecting a predetermined
number of numeric digits, and generating output digits as a PIN
Verification Value (PVV); and

using the PVV for PIN verification.

17. (Original): The method according to Claim 11 further comprising:

supplying hexadecimal digit ciphertext generated by a final ciphertext block in
the Cipher Block Chain (CBC) as a PIN Verification Value (PVV).

18. (Original): The method according to Claim 11 further comprising:

a plurality of cipher blocks that encrypt data according to a definition selected
from among a group consisting of triple Data Encryption Standard (3-DES)
and Advanced Encryption Standard (AES) definition.

19. (Original): The method according to Claim 11 further comprising:

constructing a first incoming plaintext block from a concatenation of a length
digit, x hexadecimal digits of the secret Personal Identification Number
(PIN) with 16-(x+1) rightmost hexadecimal digits of the non-secret
entity-identifier; and

constructing a second incoming plaintext block from a concatenation of y
hexadecimal digits of the non-secret entity-identifier with a pad
character that is repeated 16-y times.

20. (Currently amended): A data security apparatus comprising: 

an enrollment terminal capable of accepting a magnetic stripe card storing a 
non-secret entity-identifier and an entity-selected secret Personal 
Identification Number (PIN); 



KBRef.No, iDiB r po7sus -6- Serial No. 10/749,200 




08/22/2007 17:35 FAX 9492510260 KOESTNER BERTANI LLP






a processor coupled to the enrollment terminal and [[capable of receiving]] that
receives the entity-identifier and the PIN; and

a memory coupled to the processor and having a computable readable
program code embodied therein capable of causing the processor to
enroll a PIN comprising linking a plurality of cipher blocks in a Cipher
Block Chain (CBC), applying an incoming plaintext block derived from
the secret Personal Identification Number (PIN) to one of the plurality of
cipher blocks, applying an incoming plaintext block derived from the
non-secret entity-identifier and ciphertext from a cipher block in the
CBC chain, keying the plurality of cipher blocks with a secret PIN
Verification Key (PVK), and executing the cipher blocks resulting in
generation of ciphertext PIN Verification Value (PVV) for usage in
performing a subsequent PIN verification function.

21. (Original): The apparatus according to Claim 20 wherein the PIN
verification function is capable of operating in a reversible mode that enables 
recovery of the secret PIN and the memory further comprises: 

a computable readable program code capable of causing the processor to 
exclusive-OR the plaintext block derived from the secret PIN with an 
initialization vector to produce an initialized block; 

a computable readable program code capable of causing the controller to 
encrypt the initialized block using triple Data Encryption Standard (3- 
DES) encryption to produce a first ciphertext block; 

a computable readable program code capable of causing the controller to 
exclusive-OR the plaintext block derived from the non-secret entity- 
identifier with the first ciphertext block to produce a chained block; 

a computable readable program code capable of causing the controller to 
encrypt the chained block using triple Data Encryption Standard (3- 
DES) encryption to produce a second ciphertext block; and 

a computable readable program code capable of causing the controller to 
supply the second ciphertext block for PIN verification. 

22. (Original): The apparatus according to Claim 20 wherein the PIN
verification function is capable of operating in an irreversible mode that obstructs
recovery of the secret PIN and the memory further comprises:

a computable readable program code capable of causing the processor to
exclusive-OR the plaintext block derived from the secret PIN with an
initialization vector to produce an initialized block;

a computable readable program code capable of causing the controller to 
encrypt the initialized block using triple Data Encryption Standard (3- 
DES) encryption to produce a first ciphertext block; 

a computable readable program code capable of causing the controller to 
exclusive-OR the plaintext block derived from the non-secret entity- 
identifier with the first ciphertext block to produce a chained block; 

a computable readable program code capable of causing the controller to 
encrypt the chained block using triple Data Encryption Standard (3- 
DES) encryption to produce a second ciphertext block; 

a computable readable program code capable of causing the controller to
exclusive-OR the first ciphertext block with the second ciphertext block
to produce a third ciphertext block; and

a computable readable program code capable of causing the controller to 
supply the second ciphertext block for PIN verification. 

23. (Original): The apparatus according to Claim 22 further comprising:

an escrow storage communicatively coupled to the transaction system and
comprising at least one escrow storage element; and

the memory further comprises a computable readable program code capable
of causing the processor to store the second ciphertext block in the
escrow storage in at least one secret escrow share to facilitate recovery
of the secret PIN.

24. (Currently amended): The apparatus according to Claim 20 wherein the
memory further comprises:

a computable readable program code capable of causing the processor to
convert hexadecimal digit ciphertext generated by a final ciphertext
block in the Cipher Block Chain (CBC) to a decimal result by [[scanning]]
receiving in sequence the hexadecimal digit ciphertext, selecting a
predetermined number of numeric digits, and generating output digits
as a PIN Verification Value (PVV); and

a computable readable program code capable of causing the processor to
write the PVV to a magnetic stripe card or a smart card.

25. (Original): The apparatus according to Claim 20 wherein the memory 
further comprises: 

a computable readable program code capable of causing the processor to 
store hexadecimal digit ciphertext generated by a final ciphertext block 
in the Cipher Block Chain (CBC) as a PIN Verification Value (PVV) in a 
storage element. 

26. (Original): The apparatus according to Claim 20 wherein: 

the plurality of cipher blocks encrypt data according to a definition selected
from among a group consisting of triple Data Encryption Standard (3-DES)
and Advanced Encryption Standard (AES) definition.

27. (Original): The apparatus according to Claim 20 wherein the memory
further comprises:

a computable readable program code capable of causing the processor to
construct a first incoming plaintext block from a concatenation of a
length digit and x hexadecimal digits of the secret Personal
Identification Number (PIN) with 16-(x+1) rightmost hexadecimal digits
of the non-secret entity-identifier; and

a computable readable program code capable of causing the processor to
construct a second incoming plaintext block from a concatenation of y
hexadecimal digits of the non-secret entity-identifier with a pad
character that is repeated 16-y times.

28. (Currently amended): A data security apparatus comprising:

a PIN Verification Value (PVV) database capable of storing a plurality of PIN
Verification Values (PVVs) for enrolled magnetic stripe cards;

an escrow capable of storing a plurality of escrow values associated with at
least some of the enrolled magnetic stripe cards; and

a processor coupled to the PVV database and the escrow and
[[capable of receiving]] that receives an entity-identifier, a PIN Verification
Value (PVV) associated to the entity-identifier, and at least one escrow value
associated to the entity-identifier; and

a memory coupled to the processor and having a computable readable
program code embodied therein capable of causing the processor to
recover a PIN comprising linking a plurality of cipher blocks in a Cipher
Block Chain (CBC), applying an incoming plaintext block derived from
the PIN Verification Value (PVV) to one of the plurality of cipher blocks,
applying an incoming plaintext block derived from the non-secret
entity-identifier and ciphertext from a cipher block in the CBC chain, keying
the plurality of cipher blocks with a secret PIN Verification Key (PVK),
executing the cipher blocks to produce a ciphertext value, and
combining the ciphertext value with the at least one escrow value
resulting in recovery of the PIN verification function.

29. (Currently amended): A data security apparatus comprising:

a transaction terminal capable of accepting a magnetic stripe card storing a
non-secret entity-identifier and an entity-entered secret Personal
Identification Number (PIN');

a PIN Verification Value (PVV) database;

a processor communicatively coupled to the transaction terminal and
[[capable of receiving]] that receives the entity-identifier, the PIN', and coupled to
the PVV database and capable of retrieving a PIN Verification Value
(PVV) associated with the entity-identifier; and

a memory coupled to the processor and having a computable readable
program code embodied therein capable of causing the processor to
verify the PIN' comprising linking a plurality of cipher blocks in a Cipher
Block Chain (CBC), applying an incoming plaintext block derived from
the secret entered Personal Identification Number (PIN') to one of the
plurality of cipher blocks, applying an incoming plaintext block derived
from the non-secret entity-identifier and ciphertext from a cipher block in
the CBC chain, keying the plurality of cipher blocks with a secret PIN
Verification Key (PVK), executing the cipher blocks resulting in
generation of ciphertext transaction PIN Verification Value (PVV);
comparing the generated PVV and the retrieved PVV; and determining
PIN verification based on the comparison.

30. (Original): A transaction system comprising:
a network; 

a plurality of servers and/or hosts coupled to the network; 
a plurality of terminals coupled to the servers via the network; 
a plurality of magnetic stripe cards enrolled in the transaction system and 
capable of insertion into the on-line terminals and performing 
transactions via the servers; and 
a plurality of processors distributed among the servers, hosts, and/or the 
terminals, at least one of the processors being capable of executing 
PIN verification using a magnetic stripe card and having a computable 
readable program code embodied therein capable of causing the 
processor to link a plurality of cipher blocks in a Cipher Block Chain 
(CBC), apply an incoming plaintext block derived from a secret 
Personal Identification Number (PIN) to one of the plurality of cipher 
blocks, apply an incoming plaintext block derived from a non-secret 
entity-identifier and ciphertext from a cipher block in the CBC chain, key 
the plurality of cipher blocks with a secret PIN Verification Key (PVK),
and execute the cipher blocks resulting in generation of ciphertext. 

31. (Original): A data security apparatus comprising:

means for enrolling a transaction card in a data system; and

means for generating a Personal Identification Number (PIN) Verification
Value (PVV) for usage in Personal Identification Number (PIN)
verification further comprising:

means for linking a plurality of cipher blocks in a Cipher Block Chain
(CBC);

means for applying an incoming plaintext block derived from a secret
Personal Identification Number (PIN) to one of the plurality of
cipher blocks;

means for applying an incoming plaintext block derived from a
non-secret entity-identifier to another of the plurality of cipher blocks;

means for keying the plurality of cipher blocks with a secret PIN
Verification Key (PVK); and

means for generating a PIN Verification Value (PVV) via operation of a
plurality of cipher blocks in the Cipher Block Chain; and

means for writing the PVV to a transaction card for subsequent PIN
verification.